>From e6c56ab04e9b3669a7f7a87e49752c22d72e8e8a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 20 Aug 2014 14:00:38 +0200
Subject: [PATCH] LDAP: Ignore returned referrals if referral support is
 disabled

Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit a2ea3f5d9ef9f17efbb61e942c2bc6cff7d1ebf2)
---
 src/providers/ldap/sdap_async.c | 13 ++++++++++++-
 src/util/util_errors.c          |  1 +
 src/util/util_errors.h          |  1 +
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 03951077718b59087d8a0986f70d4edac6b77610..876fe74ed1cb64d9a7beb781384173e2cf188d41 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -1420,6 +1420,10 @@ static void sdap_get_generic_ext_done(struct sdap_op *op,
             ldap_memfree(errmsg);
             tevent_req_error(req, ENOTSUP);
             return;
+        } else if (result == LDAP_REFERRAL) {
+            ldap_memfree(errmsg);
+            tevent_req_error(req, ERR_REFERRAL);
+            return;
         } else if (result != LDAP_SUCCESS && result != LDAP_NO_SUCH_OBJECT) {
             DEBUG(SSSDBG_OP_FAILURE,
                   "Unexpected result from ldap: %s(%d), %s\n",
@@ -1582,11 +1586,18 @@ static void sdap_get_generic_done(struct tevent_req *subreq)
 {
     struct tevent_req *req = tevent_req_callback_data(subreq,
                                                       struct tevent_req);
+    struct sdap_get_generic_state *state =
+                tevent_req_data(req, struct sdap_get_generic_state);
     int ret;
 
     ret = sdap_get_generic_ext_recv(subreq);
     talloc_zfree(subreq);
-    if (ret) {
+    if (ret == ERR_REFERRAL) {
+        if (dp_opt_get_bool(state->opts->basic, SDAP_REFERRALS)) {
+            tevent_req_error(req, ret);
+            return;
+        }
+    } else if (ret) {
         DEBUG(SSSDBG_CONF_SETTINGS,
               "sdap_get_generic_ext_recv failed [%d]: %s\n",
                   ret, sss_strerror(ret));
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
index 0306be35d0b5fbf9ab69ce534522bb4f9a516794..dc0a4f5d52f1e7d8159fb6a3de271aa5d3d9b420 100644
--- a/src/util/util_errors.c
+++ b/src/util/util_errors.c
@@ -59,6 +59,7 @@ struct err_string error_to_str[] = {
     { "Cannot get bus message sender" }, /* ERR_SBUS_GET_SENDER_ERROR */
     { "Bus message has no sender" }, /* ERR_SBUS_NO_SENDER */
     { "Cannot connect to system bus" }, /* ERR_NO_SYSBUS */
+    { "LDAP search returned a referral" }, /* ERR_REFERRAL */
 };
 
 
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
index 7014092405b5a085f44c81b0d7c30f28cc70561c..5379c698acfb5b01d0c84c2fbe646a6127475ee7 100644
--- a/src/util/util_errors.h
+++ b/src/util/util_errors.h
@@ -81,6 +81,7 @@ enum sssd_errors {
     ERR_SBUS_GET_SENDER_ERROR,
     ERR_SBUS_NO_SENDER,
     ERR_NO_SYSBUS,
+    ERR_REFERRAL,
     ERR_LAST            /* ALWAYS LAST */
 };
 
-- 
1.9.3